X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilccrypt%2Frsa.c;h=7bacd1e098af114fd4663eb4c6b5f9c1720bb3fc;hb=413da0f8686910f5e627393157566ae729ca99c4;hp=5607dfc2db41ca0576ae62ae17f4be263bdddac1;hpb=72cfa31520ebc0058763a30e21c13f6e9a964aa0;p=silc.git diff --git a/lib/silccrypt/rsa.c b/lib/silccrypt/rsa.c index 5607dfc2..7bacd1e0 100644 --- a/lib/silccrypt/rsa.c +++ b/lib/silccrypt/rsa.c @@ -35,8 +35,9 @@ * Decryption: * m = c ^ d mod n * - * This code is based on SSH's (Secure Shell), PGP's (Pretty Good Privacy) - * and RSAREF Toolkit's RSA source codes. They all were a big help for me. + * The SSH's (Secure Shell), PGP's (Pretty Good Privacy) and RSAREF + * Toolkit were used as reference when coding this implementation. They + * all were a big help for me. * * I also suggest reading Bruce Schneier's; Applied Cryptography, Second * Edition, John Wiley & Sons, Inc. 1996. This book deals about RSA and @@ -60,9 +61,20 @@ The `tmplen' in encrypt, decrypt, sign and verify PKCS API functions is now calculated by (key->bits + 7) / 8. It is the length of one block. + o Sat Mar 16 18:27:19 EET 2002 Pekka + + Use the SilcRng sent as argument to SILC_PKCS_API_INIT in prime + generation. + + o Sat Sep 26 19:59:48 EEST 2002 Pekka + + Fixed double free in public key setting. Use a bit larger e as + starting point in key generation. + */ #include "silcincludes.h" +#include "rsa_internal.h" #include "rsa.h" /* @@ -73,8 +85,9 @@ SILC_PKCS_API_INIT(rsa) { - uint32 prime_bits = keylen / 2; - SilcInt p, q; + SilcUInt32 prime_bits = keylen / 2; + SilcMPInt p, q; + bool found = FALSE; printf("Generating RSA Public and Private keys, might take a while...\n"); @@ -82,37 +95,38 @@ SILC_PKCS_API_INIT(rsa) silc_mp_init(&q); /* Find p and q */ - retry_primes: - printf("Finding p: "); - silc_math_gen_prime(&p, prime_bits, TRUE); - - printf("\nFinding q: "); - silc_math_gen_prime(&q, prime_bits, TRUE); - - if ((silc_mp_cmp(&p, &q)) == 0) { - printf("\nFound equal primes, not good, retrying...\n"); - goto retry_primes; + while (!found) { + printf("Finding p: "); + silc_math_gen_prime(&p, prime_bits, TRUE, rng); + + printf("\nFinding q: "); + silc_math_gen_prime(&q, prime_bits, TRUE, rng); + + if ((silc_mp_cmp(&p, &q)) == 0) + printf("\nFound equal primes, not good, retrying...\n"); + else + found = TRUE; } /* If p is smaller than q, switch them */ if ((silc_mp_cmp(&p, &q)) > 0) { - SilcInt hlp; + SilcMPInt hlp; silc_mp_init(&hlp); silc_mp_set(&hlp, &p); silc_mp_set(&p, &q); silc_mp_set(&q, &hlp); - silc_mp_clear(&hlp); + silc_mp_uninit(&hlp); } /* Generate the actual keys */ rsa_generate_keys((RsaKey *)context, keylen, &p, &q); - silc_mp_clear(&p); - silc_mp_clear(&q); + silc_mp_uninit(&p); + silc_mp_uninit(&q); - printf("\nKeys generated succesfully.\n"); + printf("\nKeys generated successfully.\n"); return TRUE; } @@ -128,11 +142,11 @@ SILC_PKCS_API_GET_PUBLIC_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char *e, *n, *ret; - uint32 e_len, n_len; + SilcUInt32 e_len, n_len; unsigned char tmp[4]; e = silc_mp_mp2bin(&key->e, 0, &e_len); - n = silc_mp_mp2bin(&key->n, key->bits / 8, &n_len); + n = silc_mp_mp2bin(&key->n, (key->bits + 7) / 8, &n_len); *ret_len = e_len + 4 + n_len + 4; ret = silc_calloc(*ret_len, sizeof(unsigned char)); @@ -167,11 +181,11 @@ SILC_PKCS_API_GET_PRIVATE_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char *e, *n, *d, *ret; - uint32 e_len, n_len, d_len; + SilcUInt32 e_len, n_len, d_len; unsigned char tmp[4]; e = silc_mp_mp2bin(&key->e, 0, &e_len); - n = silc_mp_mp2bin(&key->n, key->bits / 8, &n_len); + n = silc_mp_mp2bin(&key->n, (key->bits + 7) / 8, &n_len); d = silc_mp_mp2bin(&key->d, 0, &d_len); *ret_len = e_len + 4 + n_len + 4 + d_len + 4; @@ -214,34 +228,50 @@ SILC_PKCS_API_SET_PUBLIC_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char tmp[4]; - uint32 e_len, n_len; + SilcUInt32 e_len, n_len; + + if (key->pub_set) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + key->pub_set = FALSE; + } + + if (key_len < 4) + return 0; silc_mp_init(&key->e); silc_mp_init(&key->n); memcpy(tmp, key_data, 4); SILC_GET32_MSB(e_len, tmp); - if (e_len > key_len) { - silc_mp_clear(&key->e); - silc_mp_clear(&key->n); - return FALSE; + if (!e_len || e_len + 4 > key_len) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + return 0; } silc_mp_bin2mp(key_data + 4, e_len, &key->e); - + + if (key_len < 4 + e_len + 4) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + return 0; + } + memcpy(tmp, key_data + 4 + e_len, 4); SILC_GET32_MSB(n_len, tmp); - if (e_len + n_len > key_len) { - silc_mp_clear(&key->e); - silc_mp_clear(&key->n); - return FALSE; + if (!n_len || e_len + 4 + n_len + 4 > key_len) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + return 0; } silc_mp_bin2mp(key_data + 4 + e_len + 4, n_len, &key->n); - key->bits = n_len * 8; + key->bits = silc_mp_sizeinbase(&key->n, 2); + key->pub_set = TRUE; - return TRUE; + return key->bits; } /* Set private key. This derives the public key from the private @@ -252,7 +282,21 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) { RsaKey *key = (RsaKey *)context; unsigned char tmp[4]; - uint32 e_len, n_len, d_len; + SilcUInt32 e_len, n_len, d_len; + + if (key->prv_set) { + silc_mp_uninit(&key->d); + key->prv_set = FALSE; + } + + if (key->pub_set) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + key->pub_set = FALSE; + } + + if (key_len < 4) + return FALSE; silc_mp_init(&key->e); silc_mp_init(&key->n); @@ -260,37 +304,56 @@ SILC_PKCS_API_SET_PRIVATE_KEY(rsa) memcpy(tmp, key_data, 4); SILC_GET32_MSB(e_len, tmp); - if (e_len > key_len) { - silc_mp_clear(&key->e); - silc_mp_clear(&key->n); + if (e_len + 4 > key_len) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); return FALSE; } silc_mp_bin2mp(key_data + 4, e_len, &key->e); + if (key_len < e_len + 4 + 4) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); + return FALSE; + } + memcpy(tmp, key_data + 4 + e_len, 4); SILC_GET32_MSB(n_len, tmp); - if (e_len + n_len > key_len) { - silc_mp_clear(&key->e); - silc_mp_clear(&key->n); + if (e_len + 4 + n_len + 4 > key_len) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); return FALSE; } silc_mp_bin2mp(key_data + 4 + e_len + 4, n_len, &key->n); + if (key_len < e_len + 4 + n_len + 4 + 4) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); + return FALSE; + } + memcpy(tmp, key_data + 4 + e_len + 4 + n_len, 4); SILC_GET32_MSB(d_len, tmp); - if (e_len + n_len + d_len > key_len) { - silc_mp_clear(&key->e); - silc_mp_clear(&key->n); + if (e_len + 4 + n_len + 4 + d_len + 4 > key_len) { + silc_mp_uninit(&key->e); + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->d); return FALSE; } silc_mp_bin2mp(key_data + 4 + e_len + 4 + n_len + 4, d_len, &key->d); - key->bits = n_len * 8; + key->bits = silc_mp_sizeinbase(&key->n, 2); + key->prv_set = TRUE; + key->pub_set = TRUE; - return TRUE; + return key->bits; } SILC_PKCS_API_CONTEXT_LEN(rsa) @@ -298,55 +361,18 @@ SILC_PKCS_API_CONTEXT_LEN(rsa) return sizeof(RsaKey); } -SILC_PKCS_API_DATA_CONTEXT_LEN(rsa) -{ - return sizeof(RsaDataContext); -} - -SILC_PKCS_API_SET_ARG(rsa) -{ - RsaDataContext *data_ctx = (RsaDataContext *)data_context; - - switch(argnum) { - case 1: - data_ctx->src = val; - return TRUE; - break; - case 2: - data_ctx->dst = val; - return TRUE; - break; - case 3: - data_ctx->exp = val; - return TRUE; - break; - case 4: - data_ctx->mod = val; - return TRUE; - break; - default: - return FALSE; - break; - } - - return FALSE; -} - SILC_PKCS_API_ENCRYPT(rsa) { RsaKey *key = (RsaKey *)context; - int i, tmplen; - SilcInt mp_tmp; - SilcInt mp_dst; + int tmplen; + SilcMPInt mp_tmp; + SilcMPInt mp_dst; - silc_mp_init_set_ui(&mp_tmp, 0); - silc_mp_init_set_ui(&mp_dst, 0); + silc_mp_init(&mp_tmp); + silc_mp_init(&mp_dst); /* Format the data into MP int */ - for (i = 0; i < src_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); - } + silc_mp_bin2mp(src, src_len, &mp_tmp); /* Encrypt */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->e, &key->n); @@ -354,14 +380,11 @@ SILC_PKCS_API_ENCRYPT(rsa) tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ - for (i = tmplen; i > 0; i--) { - dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_fdiv_q_2exp(&mp_dst, &mp_dst, 8); - } + silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen); *dst_len = tmplen; - silc_mp_clear(&mp_tmp); - silc_mp_clear(&mp_dst); + silc_mp_uninit(&mp_tmp); + silc_mp_uninit(&mp_dst); return TRUE; } @@ -369,18 +392,15 @@ SILC_PKCS_API_ENCRYPT(rsa) SILC_PKCS_API_DECRYPT(rsa) { RsaKey *key = (RsaKey *)context; - int i, tmplen; - SilcInt mp_tmp; - SilcInt mp_dst; + int tmplen; + SilcMPInt mp_tmp; + SilcMPInt mp_dst; - silc_mp_init_set_ui(&mp_tmp, 0); - silc_mp_init_set_ui(&mp_dst, 0); + silc_mp_init(&mp_tmp); + silc_mp_init(&mp_dst); /* Format the data into MP int */ - for (i = 0; i < src_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); - } + silc_mp_bin2mp(src, src_len, &mp_tmp); /* Decrypt */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n); @@ -388,14 +408,11 @@ SILC_PKCS_API_DECRYPT(rsa) tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ - for (i = tmplen; i > 0; i--) { - dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_fdiv_q_2exp(&mp_dst, &mp_dst, 8); - } + silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen); *dst_len = tmplen; - silc_mp_clear(&mp_tmp); - silc_mp_clear(&mp_dst); + silc_mp_uninit(&mp_tmp); + silc_mp_uninit(&mp_dst); return TRUE; } @@ -403,18 +420,15 @@ SILC_PKCS_API_DECRYPT(rsa) SILC_PKCS_API_SIGN(rsa) { RsaKey *key = (RsaKey *)context; - int i, tmplen; - SilcInt mp_tmp; - SilcInt mp_dst; + int tmplen; + SilcMPInt mp_tmp; + SilcMPInt mp_dst; - silc_mp_init_set_ui(&mp_tmp, 0); - silc_mp_init_set_ui(&mp_dst, 0); + silc_mp_init(&mp_tmp); + silc_mp_init(&mp_dst); /* Format the data into MP int */ - for (i = 0; i < src_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, src[i]); - } + silc_mp_bin2mp(src, src_len, &mp_tmp); /* Sign */ rsa_en_de_crypt(&mp_dst, &mp_tmp, &key->d, &key->n); @@ -422,14 +436,11 @@ SILC_PKCS_API_SIGN(rsa) tmplen = (key->bits + 7) / 8; /* Format the MP int back into data */ - for (i = tmplen; i > 0; i--) { - dst[i - 1] = (unsigned char)(silc_mp_get_ui(&mp_dst) & 0xff); - silc_mp_fdiv_q_2exp(&mp_dst, &mp_dst, 8); - } + silc_mp_mp2bin_noalloc(&mp_dst, dst, tmplen); *dst_len = tmplen; - silc_mp_clear(&mp_tmp); - silc_mp_clear(&mp_dst); + silc_mp_uninit(&mp_tmp); + silc_mp_uninit(&mp_dst); return TRUE; } @@ -437,28 +448,22 @@ SILC_PKCS_API_SIGN(rsa) SILC_PKCS_API_VERIFY(rsa) { RsaKey *key = (RsaKey *)context; - int i, ret; - SilcInt mp_tmp, mp_tmp2; - SilcInt mp_dst; + int ret; + SilcMPInt mp_tmp, mp_tmp2; + SilcMPInt mp_dst; - silc_mp_init_set_ui(&mp_tmp, 0); - silc_mp_init_set_ui(&mp_tmp2, 0); - silc_mp_init_set_ui(&mp_dst, 0); + silc_mp_init(&mp_tmp); + silc_mp_init(&mp_tmp2); + silc_mp_init(&mp_dst); /* Format the signature into MP int */ - for (i = 0; i < signature_len; i++) { - silc_mp_mul_2exp(&mp_tmp2, &mp_tmp2, 8); - silc_mp_add_ui(&mp_tmp2, &mp_tmp2, signature[i]); - } + silc_mp_bin2mp(signature, signature_len, &mp_tmp2); /* Verify */ rsa_en_de_crypt(&mp_dst, &mp_tmp2, &key->e, &key->n); /* Format the data into MP int */ - for (i = 0; i < data_len; i++) { - silc_mp_mul_2exp(&mp_tmp, &mp_tmp, 8); - silc_mp_add_ui(&mp_tmp, &mp_tmp, data[i]); - } + silc_mp_bin2mp(data, data_len, &mp_tmp); ret = TRUE; @@ -466,9 +471,9 @@ SILC_PKCS_API_VERIFY(rsa) if ((silc_mp_cmp(&mp_tmp, &mp_dst)) != 0) ret = FALSE; - silc_mp_clear(&mp_tmp); - silc_mp_clear(&mp_tmp2); - silc_mp_clear(&mp_dst); + silc_mp_uninit(&mp_tmp); + silc_mp_uninit(&mp_tmp2); + silc_mp_uninit(&mp_dst); return ret; } @@ -477,16 +482,14 @@ SILC_PKCS_API_VERIFY(rsa) to compute the modulus n has to be generated before calling this. They are then sent as argument for the function. */ -void rsa_generate_keys(RsaKey *key, uint32 bits, - SilcInt *p, SilcInt *q) +void rsa_generate_keys(RsaKey *key, SilcUInt32 bits, + SilcMPInt *p, SilcMPInt *q) { - SilcInt phi, hlp; - SilcInt div, lcm; - SilcInt pm1, qm1; + SilcMPInt phi, hlp; + SilcMPInt div, lcm; + SilcMPInt pm1, qm1; /* Initialize variables */ - silc_mp_init(&key->p); - silc_mp_init(&key->q); silc_mp_init(&key->n); silc_mp_init(&key->e); silc_mp_init(&key->d); @@ -500,22 +503,18 @@ void rsa_generate_keys(RsaKey *key, uint32 bits, /* Set modulus length */ key->bits = bits; - /* Set the primes */ - silc_mp_set(&key->p, p); - silc_mp_set(&key->q, q); - /* Compute modulus, n = p * q */ - silc_mp_mul(&key->n, &key->p, &key->q); + silc_mp_mul(&key->n, p, q); /* phi = (p - 1) * (q - 1) */ - silc_mp_sub_ui(&pm1, &key->p, 1); - silc_mp_sub_ui(&qm1, &key->q, 1); + silc_mp_sub_ui(&pm1, p, 1); + silc_mp_sub_ui(&qm1, q, 1); silc_mp_mul(&phi, &pm1, &qm1); /* Set e, the public exponent. We try to use same public exponent for all keys. Also, to make encryption faster we use small number. */ - silc_mp_set_ui(&key->e, 127); + silc_mp_set_ui(&key->e, 65533); retry_e: /* See if e is relatively prime to phi. gcd == greates common divisor, if gcd equals 1 they are relatively prime. */ @@ -525,17 +524,17 @@ void rsa_generate_keys(RsaKey *key, uint32 bits, goto retry_e; } - /* Find d, the private exponent. */ + /* Find d, the private exponent, e ^ -1 mod lcm(phi). */ silc_mp_gcd(&div, &pm1, &qm1); - silc_mp_fdiv_q(&lcm, &phi, &div); + silc_mp_div(&lcm, &phi, &div); silc_mp_modinv(&key->d, &key->e, &lcm); - silc_mp_clear(&phi); - silc_mp_clear(&hlp); - silc_mp_clear(&div); - silc_mp_clear(&lcm); - silc_mp_clear(&pm1); - silc_mp_clear(&qm1); + silc_mp_uninit(&phi); + silc_mp_uninit(&hlp); + silc_mp_uninit(&div); + silc_mp_uninit(&lcm); + silc_mp_uninit(&pm1); + silc_mp_uninit(&qm1); } /* Clears whole key structure. */ @@ -543,11 +542,12 @@ void rsa_generate_keys(RsaKey *key, uint32 bits, void rsa_clear_keys(RsaKey *key) { key->bits = 0; - silc_mp_clear(&key->p); - silc_mp_clear(&key->q); - silc_mp_clear(&key->n); - silc_mp_clear(&key->e); - silc_mp_clear(&key->d); + if (key->pub_set) { + silc_mp_uninit(&key->n); + silc_mp_uninit(&key->e); + } + if (key->prv_set) + silc_mp_uninit(&key->d); } /* RSA encrypt/decrypt function. cm = ciphertext or plaintext, @@ -558,8 +558,8 @@ void rsa_clear_keys(RsaKey *key) Decrypt: m = c ^ d mod n */ -void rsa_en_de_crypt(SilcInt *cm, SilcInt *mc, - SilcInt *expo, SilcInt *modu) +void rsa_en_de_crypt(SilcMPInt *cm, SilcMPInt *mc, + SilcMPInt *expo, SilcMPInt *modu) { - silc_mp_powm(cm, mc, expo, modu); + silc_mp_pow_mod(cm, mc, expo, modu); }